Casio ACS V6000 manual Protocol options, To add a chain

Page 29

24 ACS v6000 Installation/Administration/User Guide

If LOG is selected from the Target pull-down menu, the administrator can configure a Log Level, a Log Prefix and whether the TCP sequence, TCP options and IP options are logged in the Log Options Section.

If REJECT is selected from the Target pull-down menu, the administrator can select an option from the Reject with pull-down menu; the packet is dropped and a reply packet of the selected type is sent.

Protocol options

Different fields are activated for each option in the Protocol pull-down menu.

If Numeric is selected from the Protocol menu, enter a Protocol Number in the text field.

If TCP is selected from the Protocol menu, a TCP Options Section is activated for entering source and destination ports and TCP flags.

If UDP is selected from the Protocol menu, the UDP section is activated for entering source and destination ports.

Table 3.3: Firewall Configuration - TCP and UDP Options Fields

Field/Menu Option

Definition

Source Port - or -

Destination Port

A single IP address or a range of IP addresses.

[TCP only] SYN (synchronize), ACK (acknowledge), FIN (finish), RST (reset),

TCP FlagsURG (urgent) and PSH (push). The conditions in the pull-down menu for each flag are: Any, Set or Unset.

If ICMP is selected from the Protocol menu, the ICMP Type pull-down menu is activated.

If an administrator enters the Ethernet interface (eth0) in the input or output interface fields and selects an option (2nd and further packets, All packets and fragments or Unfragmented packets and 1st packets) from the Fragments pull-down menu, the target action is performed on packets from or to the specified interface if they meet the criteria in the selected Fragments menu option.

To add a chain:

1.Select Network - Firewall.

2.Select either IPv4 Filter Table or IPv6 Filter Table as needed.

3.Click Add.

4.Enter the name of the chain to be added.

5.Click Save.

Image 29

Contents ACS Page ACS B L E of C on TE N TS Iii ACS v6000 Installation/Administration/User Guide Access options Features and BenefitsFlexible users and groups Web ManagerIPv4 and IPv6 support Security AuthenticationVPN based on IPSec with NAT traversal Packet filteringAuto discovery Data logging, notifications, alarms and data bufferingACS v6000 virtual console server requirements To create the virtual machine using the vSphere clientPage Using Telnet or SSH # telnet hostname IPaddress To use Telnet to connect to a device through a serial portTo close a Telnet session To use SSH to connect to a device through a serial portTo close an SSH session ACS v6000 Installation/Administration/User Guide To log into the web manager Web Manager Overview for AdministratorsWizard Mode Wizard Screen To configure Ports To configure network parametersTo configure licenses Access Expert ModeTo configure users and change the default user passwords To view and connect to devices using the web managerSecurity profiles System ToolsSystem Select System Security Security Profile To configure the Security ProfileTo configure DSView 3 software security settings Help and Language Date and TimeUsage VM SettingsInformation VCenter To configure a vCenterTo add an association by Datacenter License To power control targets using the web managerNetwork To configure a network device SettingsDevices IPv4 and IPv6 static routesHosts Configuring the firewallFirewall To add a hostTo add a chain Protocol optionsIPSecVPN To change the policy for a default chainTo add a rule To edit a rulePayload or AH Authentication Header Click Network Snmp Snmp ConfigurationTo configure Snmp Ports To enable or disable one or more serial portsSerial ports Select Ports Serial PortsCAS Ctrl-X Parameter Description Auto discovery To copy/clone the configuration of one port to other portsCAS Profile Select Ports CAS Profile Auto Answer To configure the input/output strings used by auto answerSelect Probe Strings or Match Strings Click Ports Pool of CAS Ports To configure a pool of CAS portsPool of CAS ports Pool of CAS Ports Parameters Parameter Description AuthenticationAuthentication servers Appliance authenticationTo set authentication for the console server To configure a Radius authentication serverSelect Authentication Authentication Servers TACACS+ To configure a TACACS+ authentication serverTo configure an Ldapsad authentication server Select Authentication Authentication Servers LdapsadTo configure an NIS authentication server To configure a Kerberos authentication serverTo configure a DSView authentication server Users Accounts and User GroupsTo add new users Local accountsClick Users Local Accounts Password Rules To configure password rulesAdmin group User groupsTo view admin Appliance Access Rights Shell-login-profile Appliance-admin groupUser group Managing user groupsTo remove members from a user group To configure a login profile for a user groupCheck the Enable Log-In Profile box To assign appliance access rights for custom user groups To add access to serial ports for a user groupTo configure a group in a Radius authentication server To configure a group in a TACACS+ authentication serverEvent Destinations Event NotificationsEvent List Select Events and Logs Data Buffering To configure Data BufferingData Buffering Active Sessions To configure Appliance LoggingMonitoring Appliance LoggingTo change your own password Change PasswordSelect Change Password Web Manager Overview for Regular UsersACS v6000 Installation/Administration/User Guide Configuration Appendix a BootP Configuration RetrievalAppendix B Technical Support To resolve an issueFor Technical Support